Subdomainentries via Unbound for IPv6
-
Hi,
for my internal webserver I'd like to configure subdomains, that will be resolved via Unbound on pfSense also via IPv6.
Assume the following:- I have a server webint.mydomain that has an IPv4 and IPv6 both handed out via the DHCP on pfSense
--> all clients will resolve webint.mydomain to the server (IPv4 and IPv6) --> fine - Now i also want to resolve sub1.webint.mydomain to this server
- I don't have a static IPv6 prefix unfortunately
- Configuring wildcard domains would be luxury but absolutely not necessary
Problem:
- IPv4: this should be easily accomplishable (see sticky post or host overrides in the web GUI)
- IPv6: As my first 56 bits of the servers IPv6 change with every WAN reconnect I can't configure the DNS entry in a static way (like IPv4) --> is there any reasonable solution to satisfy my needs?
- From what I googled so far, CNAME records in Unbound won't help (I won't pretend that I fully understand the reason)
Thank you!
- I have a server webint.mydomain that has an IPv4 and IPv6 both handed out via the DHCP on pfSense
-
@b_chris said in Subdomainentries via Unbound for IPv6:
IPv6: As my first 56 bits of the servers IPv6 change with every WAN reconnect
Have you set Do not allow PD/Address release on the WAN page? Failing that, you can enable Unique Local Addresses on your LAN, which you can point the DNS to.
PfSense running on Qotom mini PC
i5 CPU, 4 GB memory, 32 GB SSD & 4 Intel Gb Ethernet ports.
UniFi AC-Lite access pointI haven't lost my mind. It's around here...somewhere...
-
So this is for internal use only? I am not getting why you want to do this.. Clearly your IPv4 being rf1918 would not change or need to change.
So why is it you can not just talk to the server via ipv4 internally?
Why do you want/need to resolve this fqdn to the IPv6 address?
-
@johnpoz said in Subdomainentries via Unbound for IPv6:
Why do you want/need to resolve this fqdn to the IPv6 address?
I don't know about him, but I access some stuff from elsewhere. Also, as I mentioned, ULA can be used to provide stable addresses.
-
@jknott said in Subdomainentries via Unbound for IPv6:
Have you set Do not allow PD/Address release on the WAN page?
Yes, this option is set but probably ignored by the ISP :(
In genernal: To be honest, I don't have an absolut need to have the server be reachable via IPv6. I just like to experiment with IPv6 and thought, it would be really cool to get it working without too many hacks. Therefore I didn't want to give up on that without even asking.
-
Well, since you like experimenting, give ULA a try. Even though my prefix doesn't change, I still have ULA on my network.
-
@jknott
yeah, actually this might be a nice workaround! I'll put this on my todo list ;) -
There are a lot of things different in IPv6, compared to IPv4. One of these is having multiple addresses on the same interface. This was also possible in IPv4, with aliases, but it wasn't common. With pfsense, on the RA page, you can add several prefixes, if you wish.
